Ability to detect suspicious activity such as (WEP/WPA/WPS) attack by sniffing the air for wireless packets.
Switch branches/tags
Nothing to show
Clone or download
Latest commit b132071 Feb 26, 2014
Failed to load latest commit information.
.gitignore Initial commit Jan 17, 2014
LICENSE Initial commit Jan 17, 2014
README.md Update README.md Feb 20, 2014
mac-oui.db MAC OUI Database Feb 3, 2014
wids.py Fix bug on QOS Feb 26, 2014


Wireless IDS [Intrusion Detection System]

Wireless IDS is an open source tool written in Python and work on Linux environment. This tool will sniff your surrounding air traffic for suspicious activities such as WEP/WPA/WPS attacking packets. It do the following

  • Detect mass deauthentication sent to client / access point which unreasonable amount indicate possible WPA attack for handshakes.
  • Continual sending data to access point using broadcast MAC address which indicate a possibility of WEP attacks
  • Unreasonable amount of communication between wireless client and access point using EAP authentication which indicate the possibility of WPS bruteforce attack by Reaver / WPSCrack
  • Detection of changes in connection to anther access point which may have the possibility of connection to Rogue AP (User needs to assess the situation whether similar AP name)
  • Detects possible Rogue Access Point responding to probe by wireless devices in the surrounding.

Newly Added !!!!

  • Display similar Access Point's name (SSID) which could have the possibility of WiFi 'Evil Twins'.
  • Display of probing SSID by wireless devices
  • Detection of Korek Chopchop packets sent by Aircrack-NG (WEP attacks)
  • Detection of Fragmentation PRGA packets sent by Aircrack-NG (WEP attacks)
  • Detection of possible WPA Downgrade attack by MDK3
  • Detection of possible Michael Shutdown exploitation (TKIP) by MDK3
  • Detection of Beacon flooding by MDK3
  • Detection of possible Authentication DoS by MDK3
  • Detection of possible association flooding
  • Detection of WPA Migration Attack by Aircrack-NG (WPA Attack)
  • Allow logging of events to file.
  • Allow disabling of displaying of probing devices
  • Setting of scanning count..

Visit and Like my Facebook Page for other updated information and tools.

Read Wiki for installation and other details (https://github.com/SYWorks/wireless-ids/wiki)

Submit issue here